Loading
Sales Basics
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Add Row-Level Security with a Data Governance Policy

            You are here:

            1. Salesforce Help
            2. Docs
            3. Sales Basics

            Add Row-Level Security with a Data Governance Policy

            You must create a role hierarchy to define your sales teams and the data each role can access before you set up Sales Insights. The following example shows you how policies might be set up.

            Required Editions

            Available in: Lightning Experience
            Available with Sales with Agentforce 1 Edition or Agentforce for Sales Add-on license in: Enterprise, Performance, and Unlimited Editions.
            User Permissions Needed
            To manage Data 360: Data Cloud Architect
            To manage Sales Insights: Sales Insights User permission set
            To use Sales Insights: Tableau Next Limited Consumer
            Important
            Important For more detailed information about creating role-based access for Data 360 objects, see Create a Record-Level Policy in Data Cloud .

            Row-Level Security Example based on Record Ownership

            This policy ensures that a user can only view records (for example, Opportunities) that they are explicitly designated as the owner of.

            1. Determine Which Data DMO to Include in the Policy.
            2. The policy must be applied to the primary DMO that contains the record ownership field.
              DMO ssot__Opportunity__dlm
              Description The fact object containing sales opportunity details.
              Controlling Field (User Context) ssot__OwnerId__c (Record Owner ID)
            3. Add Policy/Author
              1. Navigate to the Data Governance tab in Data 360 and create a new Data Policy.
              2. Set the Resource to Record.
              3. Select the DMO: ssot__Opportunity__dlm.
              4. Set the Action to Deny. (This is often used to override the default "Allow All" policy, or you can use an Allow policy that explicitly filters.).
              5. Define the Condition (the security predicate):
              6. Set the rule to Deny access to the record unless the record's owner matches the logged-in user.
              7. Condition Logic: ssot__Opportunity__dlm.ssot__OwnerId__c Is Not Equal To $User.ssot__Id__c
              Interpretation: If the opportunity owner ID does not match the logged-in user's ID, deny access to that record.
             
            Loading
            Salesforce Help | Article